How to override Splunk universal forwarder license acknowledgement?
How to override Splunk universal forwarder license acknowledgement on enterprise installation script?
View ArticleSplunk Light Trial Cloud Service: Unable to get universal forwarder...
Hello, I tested Splunk Light Trial version and this trial version is on Cloud service. So I don't have a choice, I have to download the Universal Forwarder Credentials to configure the universal...
View ArticleIs there an easy way to get resource usage per Splunk process for a universal...
Hi, Is there an easy way to get resource usage for a universal forwarder? I don't see anything in the distributed management console.
View ArticleHow to troubleshoot why data from a Windows universal forwarder is not...
Hi Splunkers, After performing your Best Practice of assigning the index to the admin and user roles, I (newbie) am still not get the application logs (as TXT files) into the tmsxe index. I I am on...
View ArticleWhy is my universal forwarder not respecting my limits.conf config?
All, I am have a simple app which just has this config in /default/limits.conf [thruput] maxKBps = 0 How can we get this event? 06-29-2016 20:32:01.257 +0000 INFO ThruputProcessor - Current data...
View ArticleHow to install a Splunk universal forwarder via command line in low-privilege...
I am Installing a Splunk universal forwarder using the command line with the following command in "low-privilege" mode. I want to use a local client account that is created prior to installation. This...
View ArticleIs it possible to report on a server's CPU, network, and memory utilization...
Hi, I have been looking at network tools such as PTRG, Zabbix, etc. to do weekly reports on Windows servers and a few in house Apps. None of them can do what I want without some heavy customizations. I...
View ArticleIs it possible to install Splunk forwarders on multiple Linux machines at one...
Hello I have 10 Linux machines on which I need to install a universal forwarder or heavy forwarder. My question is, do I need to log in to every machine and install Splunk, or can I do it all at one...
View ArticleUniversal Forwarder not sending data to indexer after successful connection
Hello, I have a setup that consists of a Search Head and 2 indexers in a cluster. I also use a self signed SSL certificate between the indexers and my universal forwarders. For some reason, my UF is...
View ArticleHow to troubleshoot why I am not receiving data for two sources I created on...
I have one forwarder that is working for 6+ sources. I created two sources today and no data is showing up. If I do this search: source="/usr/local/exist/latest/webapp/WEB-INF/logs/scheduler.log"...
View ArticleHow to troubleshoot why we are unable to get data into our heavy forwarder...
Currently we have an issue in getting the data into the heavy forwarder. We could see that below stanza is configured in the heavy forwarders, When checked under the path as mentioned in the stanza, we...
View ArticleHow to configure Splunk to prevent parsing multiple events as a single event?
I see a lot of Splunk Answers about multiple lined entries being broken up into separate events. I have the opposite problem: multiple events being reported as a single entry. I have two (identically...
View ArticleDo I need to reload a deployment server if I make an update to a deployment...
Assume I have all my folders distributed to Universal Forwarders under Repository location of my Deployment server. Team1 -- App A - Serverclass A Team2 -- AppB - Serverclass B If am going to change...
View ArticleWhy am I getting "access denied" when trying to edit inputs.conf on a Windows...
Recently I have configured a universal forwarder on a Windows 32 bit machine. I can see the Splunk process is running, but when I'm trying to edit inputs.conf, it's giving access denied, even after...
View ArticleHow to disable SSL 2.0 and 3.0. Use TLS 1.1 (with approved cipher suites) or...
Description ========= The remote service accepts connections encrypted using SSL 2.0 and/or SSL 3.0. These versions of SSL are affected by several cryptographic flaws. An attacker can exploit these...
View ArticleCan you make universal forwarders only ingest files older than X minutes?
Trying to ingest file ONLY older than 10 minutes. I know the universal forwarder can ignore files older than X but looking for the opposite.
View ArticleHow do you add Perfmon:Process in universal forwarders?
Hi, How do you add Perfmon:Process into Splunk universal forwarders? I tried using the guides, but Splunk does not show any new Source/type. I added the following in both inputs.conf and wmi.conf. Do I...
View ArticleIs there any way to monitor CPU on Mac OS?
Hello, Is there any way to monitor CPU/ performance on a Mac OS? Does the universal forwarder for Mac include scripts for polling cpu/ram/etc.. ? Regards, David
View ArticleWhy does splunkd_access.log burst events on our Unix universal forwarder for...
Hi, I've set up a Unix universal forwarder to monitor text-based files on a system. I always thought forwarders have a small footprint, but my forwarder currently eats up 17% of the CPU of the machine...
View ArticleIs there a way to get a list of Splunk Apps that are installed on a...
Through Forwarder Management, you can see Clients and list how many apps are installed on that client. What I want to be able to do is list the apps that are installed on a client, so if a client has...
View Article